{
"type": "bundle",
"id": "bundle--56122e52-72c0-4614-83ff-4d3c950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:37:32.000Z",
"modified": "2015-10-05T08:37:32.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56122e52-72c0-4614-83ff-4d3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:37:32.000Z",
"modified": "2015-10-05T08:37:32.000Z",
"name": "OSINT YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs by Palo Alto Networks Unit 42",
"published": "2015-10-05T08:37:43Z",
"object_refs": [
"observed-data--56122e66-5114-47be-ab35-4e36950d210b",
"url--56122e66-5114-47be-ab35-4e36950d210b",
"indicator--56122e75-86b8-4e31-9a0d-473f950d210b",
"indicator--56122ed6-8ff8-4989-aca2-4af4950d210b",
"indicator--56122ed6-c738-4985-8dd7-459f950d210b",
"indicator--56122f0a-5f34-40ff-b604-4dfe950d210b",
"indicator--56122f2c-cff8-4ae5-b692-066f950d210b",
"indicator--56122f2c-557c-48b2-bc4d-066f950d210b",
"indicator--56122f2d-ac9c-418a-8acb-066f950d210b",
"indicator--56122f2d-6c0c-4ef9-9087-066f950d210b",
"indicator--56122f2e-d160-4343-b721-066f950d210b",
"indicator--56122f85-bd40-40cb-958b-4cd8950d210b",
"indicator--56122f85-0f20-422f-bb87-4328950d210b",
"indicator--56122f86-208c-4745-8d54-4756950d210b",
"indicator--56122f86-6428-4db0-ad8a-4caa950d210b",
"indicator--56122f86-5b44-443a-b489-4814950d210b",
"indicator--56122f87-23a4-4bb9-b793-41c5950d210b",
"indicator--56122f87-8a14-41f4-a4bb-4110950d210b",
"indicator--56122f88-4db8-4d18-9ddf-4533950d210b",
"indicator--56122f88-9488-4d3f-9cc8-4b30950d210b",
"indicator--56122f88-ddf0-4bcb-b209-49c4950d210b",
"indicator--56122f89-66fc-4b9b-8b2f-4d64950d210b",
"indicator--56122f89-91fc-46ab-be05-4220950d210b",
"indicator--56122fac-a254-4a20-9031-4a15950d210b",
"indicator--56122fac-49e0-4b1a-85cc-4649950d210b",
"indicator--56122fad-f2f0-4d65-8a2b-4c59950d210b",
"indicator--56122fad-b314-484a-b608-4a5f950d210b",
"indicator--56122fad-ade8-404a-8302-4f45950d210b",
"indicator--56122fae-4530-4ce3-9e0a-48da950d210b",
"indicator--56122fae-3754-4a7b-950f-4438950d210b",
"indicator--56122fae-801c-48dd-a6df-46af950d210b",
"indicator--56122faf-5e6c-4d4b-9c79-41b3950d210b",
"indicator--56122faf-35e0-4381-95f8-4f71950d210b",
"indicator--56122fb0-5d80-466d-a0a9-492c950d210b",
"indicator--56122fb0-d3b4-4f35-bfb1-4a31950d210b",
"indicator--56122fb0-84f8-418f-b177-459f950d210b",
"indicator--56122fb1-7874-446d-a713-49fc950d210b",
"indicator--56122fb1-fb4c-4b0f-bcd7-481d950d210b",
"indicator--56122fb1-7a64-4163-9d00-45c8950d210b",
"indicator--56122fb2-c8d8-4a2c-9b54-43b9950d210b",
"indicator--56122fb2-61f0-49f1-b033-4fb8950d210b",
"indicator--56122fb3-6cd0-4764-ac94-4b21950d210b",
"indicator--56122fb3-b950-45fa-897d-4af9950d210b",
"indicator--56122fb3-35a8-479c-b8dd-4dd6950d210b",
"indicator--56122fcb-0dbc-4f4d-b46e-4e2a950d210b",
"indicator--56122fcc-5d98-48f0-b422-413e950d210b",
"indicator--56122fcc-0478-4f00-9030-4a2a950d210b",
"indicator--56122fcc-b380-4e9f-9168-4f36950d210b",
"indicator--56122fcd-5364-45d4-a2a2-455b950d210b",
"indicator--56122fcd-b01c-4691-af77-40c6950d210b",
"indicator--56123678-ba64-45be-87f6-2be0950d210b",
"indicator--56123679-e8b8-459c-87ee-2be0950d210b",
"observed-data--56123679-72a0-48fd-817c-2be0950d210b",
"url--56123679-72a0-48fd-817c-2be0950d210b",
"indicator--56123679-979c-41f7-b924-2be0950d210b",
"indicator--5612367a-9718-46c8-9e1e-2be0950d210b",
"observed-data--5612367a-e94c-44fc-9ffa-2be0950d210b",
"url--5612367a-e94c-44fc-9ffa-2be0950d210b",
"indicator--5612367a-7ff8-40d3-969a-2be0950d210b",
"indicator--5612367b-ada4-489e-b952-2be0950d210b",
"observed-data--5612367b-9b78-44b1-a155-2be0950d210b",
"url--5612367b-9b78-44b1-a155-2be0950d210b",
"indicator--5612367c-0a50-4d47-a47b-2be0950d210b",
"indicator--5612367c-f468-49da-be5f-2be0950d210b",
"observed-data--5612367c-eafc-4ff3-920c-2be0950d210b",
"url--5612367c-eafc-4ff3-920c-2be0950d210b",
"indicator--5612367d-95f0-4ca5-b30f-2be0950d210b",
"indicator--5612367d-f650-437c-8996-2be0950d210b",
"observed-data--5612367d-62ac-4237-a0fa-2be0950d210b",
"url--5612367d-62ac-4237-a0fa-2be0950d210b",
"indicator--5612367e-29f8-4cc6-937f-2be0950d210b",
"indicator--5612367e-9488-4967-a1dd-2be0950d210b",
"observed-data--5612367f-9664-4955-b545-2be0950d210b",
"url--5612367f-9664-4955-b545-2be0950d210b",
"indicator--5612367f-0ddc-4617-b770-2be0950d210b",
"indicator--5612367f-6704-47b8-9933-2be0950d210b",
"observed-data--56123680-d16c-4073-9a3d-2be0950d210b",
"url--56123680-d16c-4073-9a3d-2be0950d210b",
"indicator--56123680-9a08-48c2-ba00-2be0950d210b",
"indicator--56123681-2810-4cb1-bee2-2be0950d210b",
"observed-data--56123681-bd68-480a-a5b3-2be0950d210b",
"url--56123681-bd68-480a-a5b3-2be0950d210b",
"indicator--56123681-3e18-459d-9a4d-2be0950d210b",
"indicator--56123682-b230-4ca5-bb9e-2be0950d210b",
"observed-data--56123682-bdb8-4891-8f0e-2be0950d210b",
"url--56123682-bdb8-4891-8f0e-2be0950d210b",
"indicator--56123682-2c4c-46f1-b2d5-2be0950d210b",
"indicator--56123683-c89c-45d5-8d79-2be0950d210b",
"observed-data--56123683-a0bc-44cc-9cff-2be0950d210b",
"url--56123683-a0bc-44cc-9cff-2be0950d210b",
"indicator--56123684-0954-4780-a731-2be0950d210b",
"indicator--56123684-cc50-4d41-8471-2be0950d210b",
"observed-data--56123684-c3a0-414d-b0de-2be0950d210b",
"url--56123684-c3a0-414d-b0de-2be0950d210b",
"indicator--56123685-fb08-4246-bf80-2be0950d210b",
"indicator--56123685-3ad8-4444-94ec-2be0950d210b",
"observed-data--56123685-21c4-4d6b-90ac-2be0950d210b",
"url--56123685-21c4-4d6b-90ac-2be0950d210b",
"indicator--56123686-3a60-4fd3-bd01-2be0950d210b",
"indicator--56123686-c5ac-442a-b63f-2be0950d210b",
"observed-data--56123687-98ac-4203-949c-2be0950d210b",
"url--56123687-98ac-4203-949c-2be0950d210b",
"indicator--56123687-b3ec-4821-a81d-2be0950d210b",
"indicator--56123687-3da0-43b1-a9be-2be0950d210b",
"observed-data--56123688-66c0-4915-a961-2be0950d210b",
"url--56123688-66c0-4915-a961-2be0950d210b",
"indicator--56123688-d310-4c26-868f-2be0950d210b",
"indicator--56123688-da9c-442a-8633-2be0950d210b",
"observed-data--56123689-0f68-4e9a-bbe8-2be0950d210b",
"url--56123689-0f68-4e9a-bbe8-2be0950d210b",
"indicator--56123689-c460-48c7-8da8-2be0950d210b",
"indicator--5612368a-2408-4474-969d-2be0950d210b",
"observed-data--5612368a-e73c-4991-ae37-2be0950d210b",
"url--5612368a-e73c-4991-ae37-2be0950d210b",
"indicator--5612368a-4b7c-43a1-a442-2be0950d210b",
"indicator--5612368b-b9bc-422f-876a-2be0950d210b",
"observed-data--5612368b-4b00-4813-ac28-2be0950d210b",
"url--5612368b-4b00-4813-ac28-2be0950d210b",
"indicator--5612368b-19b0-4af5-a08d-2be0950d210b",
"indicator--5612368c-129c-4e5a-81fc-2be0950d210b",
"observed-data--5612368c-2f98-4669-8618-2be0950d210b",
"url--5612368c-2f98-4669-8618-2be0950d210b",
"indicator--5612368d-4b68-44cf-973d-2be0950d210b",
"indicator--5612368d-e590-4d7a-af9c-2be0950d210b",
"observed-data--5612368d-8c70-4611-9056-2be0950d210b",
"url--5612368d-8c70-4611-9056-2be0950d210b",
"indicator--5612368e-68c4-4166-a96e-2be0950d210b",
"indicator--5612368e-66c8-4acb-bd1c-2be0950d210b",
"observed-data--5612368e-749c-476a-b666-2be0950d210b",
"url--5612368e-749c-476a-b666-2be0950d210b",
"indicator--5612368f-495c-499a-8787-2be0950d210b",
"indicator--5612368f-3454-47de-8bdf-2be0950d210b",
"observed-data--56123690-8e90-48fc-886f-2be0950d210b",
"url--56123690-8e90-48fc-886f-2be0950d210b",
"indicator--56123690-f520-484e-b0a2-2be0950d210b",
"indicator--56123690-3b70-4a9b-a674-2be0950d210b",
"observed-data--56123691-7b10-4112-a54b-2be0950d210b",
"url--56123691-7b10-4112-a54b-2be0950d210b",
"indicator--56123691-8708-4340-bd29-2be0950d210b",
"indicator--56123691-7ce8-4b16-8b16-2be0950d210b",
"observed-data--56123692-eb1c-4cc3-9467-2be0950d210b",
"url--56123692-eb1c-4cc3-9467-2be0950d210b",
"indicator--56123692-c37c-4253-8c70-2be0950d210b",
"indicator--56123693-6df4-45b7-9142-2be0950d210b",
"observed-data--56123693-9c38-49e3-aea5-2be0950d210b",
"url--56123693-9c38-49e3-aea5-2be0950d210b",
"indicator--56123693-d30c-45b9-a988-2be0950d210b",
"indicator--56123694-a020-4f98-b3a0-2be0950d210b",
"observed-data--56123694-78e8-4b99-a13e-2be0950d210b",
"url--56123694-78e8-4b99-a13e-2be0950d210b",
"indicator--56123694-1c68-4798-81bd-2be0950d210b",
"indicator--56123695-ed88-4a5d-82b0-2be0950d210b",
"observed-data--56123695-94f8-4c94-acf0-2be0950d210b",
"url--56123695-94f8-4c94-acf0-2be0950d210b",
"indicator--56123696-61dc-4634-8331-2be0950d210b",
"indicator--56123696-1be8-41c4-89f1-2be0950d210b",
"observed-data--56123696-0128-41ca-996b-2be0950d210b",
"url--56123696-0128-41ca-996b-2be0950d210b",
"indicator--56123697-4a84-4e94-828b-2be0950d210b",
"indicator--56123697-2b78-43e3-b7d8-2be0950d210b",
"observed-data--56123697-5884-4690-8d48-2be0950d210b",
"url--56123697-5884-4690-8d48-2be0950d210b",
"indicator--56123698-3a0c-4a93-bae2-2be0950d210b",
"indicator--56123698-28f8-4982-a230-2be0950d210b",
"observed-data--56123699-3388-43a1-8aec-2be0950d210b",
"url--56123699-3388-43a1-8aec-2be0950d210b",
"indicator--56123699-e1dc-4ac9-b70e-2be0950d210b",
"indicator--56123699-0794-4ef2-82b7-2be0950d210b",
"observed-data--5612369a-9cb8-4a93-a99e-2be0950d210b",
"url--5612369a-9cb8-4a93-a99e-2be0950d210b",
"indicator--5612369a-0b90-448a-ad34-2be0950d210b",
"indicator--5612369a-5400-41b5-b78c-2be0950d210b",
"observed-data--5612369b-2b30-4d4d-9b65-2be0950d210b",
"url--5612369b-2b30-4d4d-9b65-2be0950d210b",
"indicator--5612369b-5f44-44c8-b8d9-2be0950d210b",
"indicator--5612369c-c5d8-4ec2-b483-2be0950d210b",
"observed-data--5612369c-3b50-46d3-9fe1-2be0950d210b",
"url--5612369c-3b50-46d3-9fe1-2be0950d210b",
"indicator--5612369c-6b54-4725-9fe2-2be0950d210b",
"indicator--5612369d-f69c-4fd5-8096-2be0950d210b",
"observed-data--5612369d-b09c-412d-8b26-2be0950d210b",
"url--5612369d-b09c-412d-8b26-2be0950d210b",
"indicator--5612369e-2d64-4ba6-b81c-2be0950d210b",
"indicator--5612369e-8d34-4034-a2c9-2be0950d210b",
"observed-data--5612369e-fc24-4214-b219-2be0950d210b",
"url--5612369e-fc24-4214-b219-2be0950d210b",
"indicator--5612369f-d0ac-4c12-a7b6-2be0950d210b",
"indicator--5612369f-f5d8-49c4-94a9-2be0950d210b",
"observed-data--5612369f-3e68-4624-9809-2be0950d210b",
"url--5612369f-3e68-4624-9809-2be0950d210b",
"indicator--561236a0-8778-4332-a006-2be0950d210b",
"indicator--561236a0-632c-4e29-9a6c-2be0950d210b",
"observed-data--561236a1-7de8-41ea-9a70-2be0950d210b",
"url--561236a1-7de8-41ea-9a70-2be0950d210b",
"indicator--561236a1-9d44-4c79-948d-2be0950d210b",
"indicator--561236a1-dec8-4272-bc8e-2be0950d210b",
"observed-data--561236a2-d428-45b8-9e1a-2be0950d210b",
"url--561236a2-d428-45b8-9e1a-2be0950d210b",
"indicator--561236a2-a3dc-4b60-a37c-2be0950d210b",
"indicator--561236a2-2d88-4e2c-af41-2be0950d210b",
"observed-data--561236a3-8ff8-4191-993f-2be0950d210b",
"url--561236a3-8ff8-4191-993f-2be0950d210b",
"indicator--561236a3-903c-49fd-822a-2be0950d210b",
"indicator--561236a4-71b4-40a2-af67-2be0950d210b",
"observed-data--561236a4-404c-43eb-b507-2be0950d210b",
"url--561236a4-404c-43eb-b507-2be0950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56122e66-5114-47be-ab35-4e36950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:01:42.000Z",
"modified": "2015-10-05T08:01:42.000Z",
"first_observed": "2015-10-05T08:01:42Z",
"last_observed": "2015-10-05T08:01:42Z",
"number_observed": 1,
"object_refs": [
"url--56122e66-5114-47be-ab35-4e36950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56122e66-5114-47be-ab35-4e36950d210b",
"value": "http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122e75-86b8-4e31-9a0d-473f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:01:57.000Z",
"modified": "2015-10-05T08:01:57.000Z",
"pattern": "[domain-name:value = 'bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122ed6-8ff8-4989-aca2-4af4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:03:34.000Z",
"modified": "2015-10-05T08:03:34.000Z",
"description": "Previous Android malware",
"pattern": "[domain-name:value = 'ad.bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:03:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122ed6-c738-4985-8dd7-459f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:03:34.000Z",
"modified": "2015-10-05T08:03:34.000Z",
"description": "Previous Android malware",
"pattern": "[domain-name:value = 'down.bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:03:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f0a-5f34-40ff-b604-4dfe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:04:26.000Z",
"modified": "2015-10-05T08:04:26.000Z",
"description": "Windows Virus (Almanahe.B)",
"pattern": "[domain-name:value = 'ty1.bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:04:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f2c-cff8-4ae5-b692-066f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:05:00.000Z",
"modified": "2015-10-05T08:05:00.000Z",
"pattern": "[domain-name:value = 'iosnoico.bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:05:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f2c-557c-48b2-bc4d-066f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:05:00.000Z",
"modified": "2015-10-05T08:05:00.000Z",
"pattern": "[domain-name:value = 'qvod.bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:05:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f2d-ac9c-418a-8acb-066f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:05:01.000Z",
"modified": "2015-10-05T08:05:01.000Z",
"pattern": "[domain-name:value = 'qvios.od.bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:05:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f2d-6c0c-4ef9-9087-066f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:05:01.000Z",
"modified": "2015-10-05T08:05:01.000Z",
"pattern": "[domain-name:value = 'dp.bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:05:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f2e-d160-4343-b721-066f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:05:02.000Z",
"modified": "2015-10-05T08:05:02.000Z",
"pattern": "[domain-name:value = 'iosads.cdn.bb800.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:05:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f85-bd40-40cb-958b-4cd8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:29.000Z",
"modified": "2015-10-05T08:06:29.000Z",
"pattern": "[file:hashes.SHA256 = '57cc101ee4a9f306236d1d4fb5ccb3bb96fa76210142a5ec483a49321d2bd603']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f85-0f20-422f-bb87-4328950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:29.000Z",
"modified": "2015-10-05T08:06:29.000Z",
"pattern": "[file:hashes.SHA256 = '4938b9861b7c55fbbe47d2ba04e9aff2da186e282f1e9ff0a15bbb22a5f6e0e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f86-208c-4745-8d54-4756950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:30.000Z",
"modified": "2015-10-05T08:06:30.000Z",
"pattern": "[file:hashes.SHA256 = 'fc55c5ced1027b48885780c87980a286181d3639dfc97d03ebe04ec012a1b677']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f86-6428-4db0-ad8a-4caa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:30.000Z",
"modified": "2015-10-05T08:06:30.000Z",
"pattern": "[file:hashes.SHA256 = '5259854994945a165996d994e6484c1afc1c7e628cb5df2dc3750f4f9f92202e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f86-5b44-443a-b489-4814950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:30.000Z",
"modified": "2015-10-05T08:06:30.000Z",
"pattern": "[file:hashes.SHA256 = '7714dbb85c5ebcd85cd1d93299479cff2cc82ad0ed11803c24c44106530d2e2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f87-23a4-4bb9-b793-41c5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:31.000Z",
"modified": "2015-10-05T08:06:31.000Z",
"pattern": "[file:hashes.SHA256 = 'ddd16577b458a5ec21ea0f57084033435a46f61dc5482f224c1fe54f47d295bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f87-8a14-41f4-a4bb-4110950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:31.000Z",
"modified": "2015-10-05T08:06:31.000Z",
"pattern": "[file:hashes.SHA256 = '8fa135fc74583e05be208752e8ce191060b1617447815a007efac78662b425d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f88-4db8-4d18-9ddf-4533950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:32.000Z",
"modified": "2015-10-05T08:06:32.000Z",
"pattern": "[file:hashes.SHA256 = '526e1dc893629c00c017fbe62b53392cb26bc6b15947e7b8b7df10a62f40cbad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f88-9488-4d3f-9cc8-4b30950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:32.000Z",
"modified": "2015-10-05T08:06:32.000Z",
"pattern": "[file:hashes.SHA256 = '41176825ba0627f61981280b27689a0c5cc6bfb310a408fa623515e6239b8647']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f88-ddf0-4bcb-b209-49c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:32.000Z",
"modified": "2015-10-05T08:06:32.000Z",
"pattern": "[file:hashes.SHA256 = '98e9e65d6e674620eccaf3d024af1e7b736cc889e94a698685623d146d4fb15f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f89-66fc-4b9b-8b2f-4d64950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:33.000Z",
"modified": "2015-10-05T08:06:33.000Z",
"pattern": "[file:hashes.SHA256 = 'e7f071929a4304447cf638057d9499df9970b2a3d53d328a609f191a4bc29ffd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122f89-91fc-46ab-be05-4220950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:06:33.000Z",
"modified": "2015-10-05T08:06:33.000Z",
"pattern": "[file:hashes.SHA256 = '8873908061f9c8d563de26fe6fa671080a90a2d60f795cc0664ef686e1162955']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:06:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56122fac-a254-4a20-9031-4a15950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:07:08.000Z",
"modified": "2015-10-05T08:07:08.000Z",
"pattern": "[file:hashes.SHA256 = '382b88b654d7c5149ce8e9813accb86fd58eb1c01d66f730774f27a14d6af06c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fac-49e0-4b1a-85cc-4649950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:08.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:08.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0a106551b950d312c3847889cb233cbdaaebbc55fc2d7b6deb37f493079aa419']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fad-f2f0-4d65-8a2b-4c59950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:09.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:09.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '95c2b1fd5a9e0141e6c597771e832e6c6743713888bfad3d172c0180d650795b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fad-b314-484a-b608-4a5f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:09.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:09.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '487a442fa69be5fe701662976a2f9d16f7f1dc4b03d63b9a289a6395855b42d0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fad-ade8-404a-8302-4f45950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:09.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:09.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '63b4ff014e74bd0a31b16393d145d1332e963b2e17f07396529793a4f0cf8b48']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fae-4530-4ce3-9e0a-48da950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:10.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:10.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fa8594384e119908ec4ea5e0af9597251f6de76a66c30682e36ca1f1d303c7a9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fae-3754-4a7b-950f-4438950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:10.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:10.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f2a478eb2674b65d602204b2df8fc5e715e22596b039f235f9dfa27c03bbaa9b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fae-801c-48dd-a6df-46af950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:10.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:10.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ca59d78e9d23a737054b70385060346a8e6afc4948cd84f97826deb05168c279']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122faf-5e6c-4d4b-9c79-41b3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:11.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:11.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'af338b0d35e532644850f9f5e00b6c67d6e08609cb9ef79d48e9f435f87366d0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122faf-35e0-4381-95f8-4f71950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:11.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:11.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '17c89f5a579ecc3f97914a0fdd8ed1305a3682e09a719f91716607c3d63eabdf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb0-5d80-466d-a0a9-492c950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:12.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0e75378d2ee5a7b90696dd67efa0d06d619f7f29021a7f056ff5a0fe881f8d6e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb0-d3b4-4f35-bfb1-4a31950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:12.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '55573153750d98938270d858ca220a4435ebcd1dac44388e5a59315e7811193c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb0-84f8-418f-b177-459f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:12.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '426f279a503a19d5c253621ad98f589d853270fd0a1ec54bf08ee55c1f647964']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb1-7874-446d-a713-49fc950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:13.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f1e527fba122f91e79e790ba519c0d161cb4959bb1c89d6c20cf8a141ef8f854']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb1-fb4c-4b0f-bcd7-481d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:13.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bcb3d4a2960e76cc169bd80ff26c7973502ef11baf0d45d52534184f055003a1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb1-7a64-4163-9d00-45c8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:13.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5fd7b3994fc95cd72e2c76607ed00f260783e02b6fdf228e1e4616ca1e8702be']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb2-c8d8-4a2c-9b54-43b9950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:14.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0771302f113d9c64fca3988a31020afa0767d3e1b66a2e74f819fd62b80b8a5e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb2-61f0-49f1-b033-4fb8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:14.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1d5eea2236a2a44fe0ff4e17491c37f04ffa4a0af9a4b09ecc463089e3f48f14']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb3-6cd0-4764-ac94-4b21950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:14.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3404bbf56d81da355636371f2e84b3b83ead7d78384c1627db67c4a59c275285']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb3-b950-45fa-897d-4af9950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:15.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '04f69960b2e5fbd06f746e050c7a04e4ea9de67289fd82d3a85a92963aec387a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fb3-35a8-479c-b8dd-4dd6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:15.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '363e58e1f489b6fade4975a54c02575e8832d95171b6b5646fd475d6a5f35ed9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fcb-0dbc-4f4d-b46e-4e2a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:39.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:39.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2771276596981c0ff189c27e6869b147c3c3665fd8b94b14d68695ea6ea3d09d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fcc-5d98-48f0-b422-413e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:40.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:40.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8d113243da8992220e73a2fd02ae28d209b326b191aeef95f3c8e223c1c6db96']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fcc-0478-4f00-9030-4a2a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:40.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:40.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9e538a58aed94a7748df9262ae0343dea9efce8d9117e0868eb404e1098747b6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fcc-b380-4e9f-9168-4f36950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:40.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:40.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1607cf9625d7bf4ef39f8c1383fa0b1b1edcd13939d5d49fba5cdc14a73a2d95']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fcd-5364-45d4-a2a2-455b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:41.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:41.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6bd56dd4cc6a97912531fcb8d9f79f814fd45c9e97600f170646308868b1097b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56122fcd-b01c-4691-af77-40c6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:07:41.000Z",
|
|
|
|
"modified": "2015-10-05T08:07:41.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a8456f50c47b5248a93bcaebd05cb07bbf61527d5c7537767df1aaabb64bad95']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:07:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123678-ba64-45be-87f6-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:08.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:08.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun - Xchecked via VT: a8456f50c47b5248a93bcaebd05cb07bbf61527d5c7537767df1aaabb64bad95",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'b0084f31b793882cbeacc741a585f27e32a2d684']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123679-e8b8-459c-87ee-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:09.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:09.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun - Xchecked via VT: a8456f50c47b5248a93bcaebd05cb07bbf61527d5c7537767df1aaabb64bad95",
|
|
|
|
"pattern": "[file:hashes.MD5 = '88b4f5bb5f8958dc7a8515a44d855f74']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123679-72a0-48fd-817c-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:09.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:09.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:09Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:09Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123679-72a0-48fd-817c-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123679-72a0-48fd-817c-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/a8456f50c47b5248a93bcaebd05cb07bbf61527d5c7537767df1aaabb64bad95/analysis/1415562757/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123679-979c-41f7-b924-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:09.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:09.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun - Xchecked via VT: 6bd56dd4cc6a97912531fcb8d9f79f814fd45c9e97600f170646308868b1097b",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '7d08dfd487618a2bbc868677efb15f1af707632f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612367a-9718-46c8-9e1e-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:10.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:10.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun - Xchecked via VT: 6bd56dd4cc6a97912531fcb8d9f79f814fd45c9e97600f170646308868b1097b",
|
|
|
|
"pattern": "[file:hashes.MD5 = '608c43d8cb56fb13f5fa20a1dd201ab8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612367a-e94c-44fc-9ffa-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:10.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:10.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:10Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:10Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612367a-e94c-44fc-9ffa-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612367a-e94c-44fc-9ffa-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/6bd56dd4cc6a97912531fcb8d9f79f814fd45c9e97600f170646308868b1097b/analysis/1433387817/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612367a-7ff8-40d3-969a-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:10.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:10.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun - Xchecked via VT: 1607cf9625d7bf4ef39f8c1383fa0b1b1edcd13939d5d49fba5cdc14a73a2d95",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '41d045717eaeb1b818b10fae62d042f175c0ca39']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612367b-ada4-489e-b952-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:11.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:11.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun - Xchecked via VT: 1607cf9625d7bf4ef39f8c1383fa0b1b1edcd13939d5d49fba5cdc14a73a2d95",
|
|
|
|
"pattern": "[file:hashes.MD5 = '298ac1f9c662bec50b60cd1d8b9615de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612367b-9b78-44b1-a155-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:11.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:11.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:11Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:11Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612367b-9b78-44b1-a155-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612367b-9b78-44b1-a155-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/1607cf9625d7bf4ef39f8c1383fa0b1b1edcd13939d5d49fba5cdc14a73a2d95/analysis/1425074812/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612367c-0a50-4d47-a47b-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:12.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:12.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun - Xchecked via VT: 9e538a58aed94a7748df9262ae0343dea9efce8d9117e0868eb404e1098747b6",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '466a138fa11e829afb3af35df8b0ca73d5083640']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612367c-f468-49da-be5f-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:12.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:12.000Z",
|
|
|
|
"description": "Worm.Win32.Lingdun - Xchecked via VT: 9e538a58aed94a7748df9262ae0343dea9efce8d9117e0868eb404e1098747b6",
|
|
|
|
"pattern": "[file:hashes.MD5 = '063dd2b2ceff421e944446057a77fce9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5612367c-eafc-4ff3-920c-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:12.000Z",
"modified": "2015-10-05T08:36:12.000Z",
"first_observed": "2015-10-05T08:36:12Z",
"last_observed": "2015-10-05T08:36:12Z",
"number_observed": 1,
"object_refs": [
"url--5612367c-eafc-4ff3-920c-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5612367c-eafc-4ff3-920c-2be0950d210b",
"value": "https://www.virustotal.com/file/9e538a58aed94a7748df9262ae0343dea9efce8d9117e0868eb404e1098747b6/analysis/1440839976/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5612367d-95f0-4ca5-b30f-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:13.000Z",
"modified": "2015-10-05T08:36:13.000Z",
"description": "Worm.Win32.Lingdun - Xchecked via VT: 8d113243da8992220e73a2fd02ae28d209b326b191aeef95f3c8e223c1c6db96",
"pattern": "[file:hashes.SHA1 = '663f0d5cfc5ddd574e5de3f18e31c51e0536edcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5612367d-f650-437c-8996-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:13.000Z",
"modified": "2015-10-05T08:36:13.000Z",
"description": "Worm.Win32.Lingdun - Xchecked via VT: 8d113243da8992220e73a2fd02ae28d209b326b191aeef95f3c8e223c1c6db96",
"pattern": "[file:hashes.MD5 = '9e94b0902c9e8e665fc94a0b7c038230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5612367d-62ac-4237-a0fa-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:13.000Z",
"modified": "2015-10-05T08:36:13.000Z",
"first_observed": "2015-10-05T08:36:13Z",
"last_observed": "2015-10-05T08:36:13Z",
"number_observed": 1,
"object_refs": [
"url--5612367d-62ac-4237-a0fa-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5612367d-62ac-4237-a0fa-2be0950d210b",
"value": "https://www.virustotal.com/file/8d113243da8992220e73a2fd02ae28d209b326b191aeef95f3c8e223c1c6db96/analysis/1421693191/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5612367e-29f8-4cc6-937f-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:14.000Z",
"modified": "2015-10-05T08:36:14.000Z",
"description": "Worm.Win32.Lingdun - Xchecked via VT: 2771276596981c0ff189c27e6869b147c3c3665fd8b94b14d68695ea6ea3d09d",
"pattern": "[file:hashes.SHA1 = '48c7287dc791c1f07366ec2e913d15501774b53f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5612367e-9488-4967-a1dd-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:14.000Z",
"modified": "2015-10-05T08:36:14.000Z",
"description": "Worm.Win32.Lingdun - Xchecked via VT: 2771276596981c0ff189c27e6869b147c3c3665fd8b94b14d68695ea6ea3d09d",
"pattern": "[file:hashes.MD5 = 'd50d238555c6b31562637d9287664c85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5612367f-9664-4955-b545-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:15.000Z",
"modified": "2015-10-05T08:36:15.000Z",
"first_observed": "2015-10-05T08:36:15Z",
"last_observed": "2015-10-05T08:36:15Z",
"number_observed": 1,
"object_refs": [
"url--5612367f-9664-4955-b545-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5612367f-9664-4955-b545-2be0950d210b",
"value": "https://www.virustotal.com/file/2771276596981c0ff189c27e6869b147c3c3665fd8b94b14d68695ea6ea3d09d/analysis/1424358749/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5612367f-0ddc-4617-b770-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:15.000Z",
"modified": "2015-10-05T08:36:15.000Z",
"description": "- Xchecked via VT: 363e58e1f489b6fade4975a54c02575e8832d95171b6b5646fd475d6a5f35ed9",
"pattern": "[file:hashes.SHA1 = '0faa45d44e7b58f433d29cd72192fb03396261eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5612367f-6704-47b8-9933-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:15.000Z",
"modified": "2015-10-05T08:36:15.000Z",
"description": "- Xchecked via VT: 363e58e1f489b6fade4975a54c02575e8832d95171b6b5646fd475d6a5f35ed9",
"pattern": "[file:hashes.MD5 = '01a6bb9129e5b88ae79ed0c92de62996']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123680-d16c-4073-9a3d-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:16.000Z",
"modified": "2015-10-05T08:36:16.000Z",
"first_observed": "2015-10-05T08:36:16Z",
"last_observed": "2015-10-05T08:36:16Z",
"number_observed": 1,
"object_refs": [
"url--56123680-d16c-4073-9a3d-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123680-d16c-4073-9a3d-2be0950d210b",
"value": "https://www.virustotal.com/file/363e58e1f489b6fade4975a54c02575e8832d95171b6b5646fd475d6a5f35ed9/analysis/1437787737/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123680-9a08-48c2-ba00-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:16.000Z",
"modified": "2015-10-05T08:36:16.000Z",
"description": "- Xchecked via VT: 04f69960b2e5fbd06f746e050c7a04e4ea9de67289fd82d3a85a92963aec387a",
"pattern": "[file:hashes.SHA1 = 'bb3813a3a7a72d20c5fdc034a9fe0d908755ab13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123681-2810-4cb1-bee2-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:17.000Z",
"modified": "2015-10-05T08:36:17.000Z",
"description": "- Xchecked via VT: 04f69960b2e5fbd06f746e050c7a04e4ea9de67289fd82d3a85a92963aec387a",
"pattern": "[file:hashes.MD5 = '6960d147b686a1906036778d39864c37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123681-bd68-480a-a5b3-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:17.000Z",
"modified": "2015-10-05T08:36:17.000Z",
"first_observed": "2015-10-05T08:36:17Z",
"last_observed": "2015-10-05T08:36:17Z",
"number_observed": 1,
"object_refs": [
"url--56123681-bd68-480a-a5b3-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123681-bd68-480a-a5b3-2be0950d210b",
"value": "https://www.virustotal.com/file/04f69960b2e5fbd06f746e050c7a04e4ea9de67289fd82d3a85a92963aec387a/analysis/1435567937/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123681-3e18-459d-9a4d-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:17.000Z",
"modified": "2015-10-05T08:36:17.000Z",
"description": "- Xchecked via VT: 3404bbf56d81da355636371f2e84b3b83ead7d78384c1627db67c4a59c275285",
"pattern": "[file:hashes.SHA1 = 'afc72147e0adad1ec12224bec11769e469d77b5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123682-b230-4ca5-bb9e-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:18.000Z",
"modified": "2015-10-05T08:36:18.000Z",
"description": "- Xchecked via VT: 3404bbf56d81da355636371f2e84b3b83ead7d78384c1627db67c4a59c275285",
"pattern": "[file:hashes.MD5 = 'a5ec659e64bc8923b2eb8a29acda5443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123682-bdb8-4891-8f0e-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:18.000Z",
"modified": "2015-10-05T08:36:18.000Z",
"first_observed": "2015-10-05T08:36:18Z",
"last_observed": "2015-10-05T08:36:18Z",
"number_observed": 1,
"object_refs": [
"url--56123682-bdb8-4891-8f0e-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123682-bdb8-4891-8f0e-2be0950d210b",
"value": "https://www.virustotal.com/file/3404bbf56d81da355636371f2e84b3b83ead7d78384c1627db67c4a59c275285/analysis/1435562792/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123682-2c4c-46f1-b2d5-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:18.000Z",
"modified": "2015-10-05T08:36:18.000Z",
"description": "- Xchecked via VT: 1d5eea2236a2a44fe0ff4e17491c37f04ffa4a0af9a4b09ecc463089e3f48f14",
"pattern": "[file:hashes.SHA1 = '72f7c96d522d51c335b611dcadbbd8844aa2cc99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123683-c89c-45d5-8d79-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:19.000Z",
"modified": "2015-10-05T08:36:19.000Z",
"description": "- Xchecked via VT: 1d5eea2236a2a44fe0ff4e17491c37f04ffa4a0af9a4b09ecc463089e3f48f14",
"pattern": "[file:hashes.MD5 = '2e0efc1e34ef156fd4eafc8cff95935b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123683-a0bc-44cc-9cff-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:19.000Z",
"modified": "2015-10-05T08:36:19.000Z",
"first_observed": "2015-10-05T08:36:19Z",
"last_observed": "2015-10-05T08:36:19Z",
"number_observed": 1,
"object_refs": [
"url--56123683-a0bc-44cc-9cff-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123683-a0bc-44cc-9cff-2be0950d210b",
"value": "https://www.virustotal.com/file/1d5eea2236a2a44fe0ff4e17491c37f04ffa4a0af9a4b09ecc463089e3f48f14/analysis/1431437592/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123684-0954-4780-a731-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:20.000Z",
"modified": "2015-10-05T08:36:20.000Z",
"description": "- Xchecked via VT: 0771302f113d9c64fca3988a31020afa0767d3e1b66a2e74f819fd62b80b8a5e",
"pattern": "[file:hashes.SHA1 = 'e03be99b007066a4f86ef6dd59d21f0f55ddc5ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123684-cc50-4d41-8471-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:20.000Z",
"modified": "2015-10-05T08:36:20.000Z",
"description": "- Xchecked via VT: 0771302f113d9c64fca3988a31020afa0767d3e1b66a2e74f819fd62b80b8a5e",
"pattern": "[file:hashes.MD5 = 'a73a6648ca6751db0135061a0a4da56c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123684-c3a0-414d-b0de-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:20.000Z",
"modified": "2015-10-05T08:36:20.000Z",
"first_observed": "2015-10-05T08:36:20Z",
"last_observed": "2015-10-05T08:36:20Z",
"number_observed": 1,
"object_refs": [
"url--56123684-c3a0-414d-b0de-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123684-c3a0-414d-b0de-2be0950d210b",
"value": "https://www.virustotal.com/file/0771302f113d9c64fca3988a31020afa0767d3e1b66a2e74f819fd62b80b8a5e/analysis/1429498693/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123685-fb08-4246-bf80-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:21.000Z",
"modified": "2015-10-05T08:36:21.000Z",
"description": "- Xchecked via VT: 5fd7b3994fc95cd72e2c76607ed00f260783e02b6fdf228e1e4616ca1e8702be",
"pattern": "[file:hashes.SHA1 = 'aee8fa2d6ed3aacbbf2ded8ce8c16ceb30748234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123685-3ad8-4444-94ec-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:21.000Z",
"modified": "2015-10-05T08:36:21.000Z",
"description": "- Xchecked via VT: 5fd7b3994fc95cd72e2c76607ed00f260783e02b6fdf228e1e4616ca1e8702be",
"pattern": "[file:hashes.MD5 = '4b6c61af679a5aa9a0646d043082b3a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123685-21c4-4d6b-90ac-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:21.000Z",
"modified": "2015-10-05T08:36:21.000Z",
"first_observed": "2015-10-05T08:36:21Z",
"last_observed": "2015-10-05T08:36:21Z",
"number_observed": 1,
"object_refs": [
"url--56123685-21c4-4d6b-90ac-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123685-21c4-4d6b-90ac-2be0950d210b",
"value": "https://www.virustotal.com/file/5fd7b3994fc95cd72e2c76607ed00f260783e02b6fdf228e1e4616ca1e8702be/analysis/1429498528/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123686-3a60-4fd3-bd01-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:22.000Z",
"modified": "2015-10-05T08:36:22.000Z",
"description": "- Xchecked via VT: bcb3d4a2960e76cc169bd80ff26c7973502ef11baf0d45d52534184f055003a1",
"pattern": "[file:hashes.SHA1 = '03b3b747e445bdc03372ac8897b44b0e9de4c5db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123686-c5ac-442a-b63f-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:22.000Z",
"modified": "2015-10-05T08:36:22.000Z",
"description": "- Xchecked via VT: bcb3d4a2960e76cc169bd80ff26c7973502ef11baf0d45d52534184f055003a1",
"pattern": "[file:hashes.MD5 = '245727ad94d2de6cf6a66b0234da663d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123687-98ac-4203-949c-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:23.000Z",
"modified": "2015-10-05T08:36:23.000Z",
"first_observed": "2015-10-05T08:36:23Z",
"last_observed": "2015-10-05T08:36:23Z",
"number_observed": 1,
"object_refs": [
"url--56123687-98ac-4203-949c-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123687-98ac-4203-949c-2be0950d210b",
"value": "https://www.virustotal.com/file/bcb3d4a2960e76cc169bd80ff26c7973502ef11baf0d45d52534184f055003a1/analysis/1429497979/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123687-b3ec-4821-a81d-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:23.000Z",
"modified": "2015-10-05T08:36:23.000Z",
"description": "- Xchecked via VT: f1e527fba122f91e79e790ba519c0d161cb4959bb1c89d6c20cf8a141ef8f854",
"pattern": "[file:hashes.SHA1 = '8e0faa34c39e5576f04b285f4fb32dce576a8e8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123687-3da0-43b1-a9be-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:23.000Z",
"modified": "2015-10-05T08:36:23.000Z",
"description": "- Xchecked via VT: f1e527fba122f91e79e790ba519c0d161cb4959bb1c89d6c20cf8a141ef8f854",
"pattern": "[file:hashes.MD5 = '11c7a092cf3df597302e56cef41743c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123688-66c0-4915-a961-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:24.000Z",
"modified": "2015-10-05T08:36:24.000Z",
"first_observed": "2015-10-05T08:36:24Z",
"last_observed": "2015-10-05T08:36:24Z",
"number_observed": 1,
"object_refs": [
"url--56123688-66c0-4915-a961-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123688-66c0-4915-a961-2be0950d210b",
"value": "https://www.virustotal.com/file/f1e527fba122f91e79e790ba519c0d161cb4959bb1c89d6c20cf8a141ef8f854/analysis/1429498440/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123688-d310-4c26-868f-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:24.000Z",
"modified": "2015-10-05T08:36:24.000Z",
"description": "- Xchecked via VT: 426f279a503a19d5c253621ad98f589d853270fd0a1ec54bf08ee55c1f647964",
"pattern": "[file:hashes.SHA1 = '3132690df8ea8bf306f34097277f4e0a8ccf40e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123688-da9c-442a-8633-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:24.000Z",
"modified": "2015-10-05T08:36:24.000Z",
"description": "- Xchecked via VT: 426f279a503a19d5c253621ad98f589d853270fd0a1ec54bf08ee55c1f647964",
"pattern": "[file:hashes.MD5 = 'fb963c9e4f15219c9b063b9793e5f0af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56123689-0f68-4e9a-bbe8-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:25.000Z",
"modified": "2015-10-05T08:36:25.000Z",
"first_observed": "2015-10-05T08:36:25Z",
"last_observed": "2015-10-05T08:36:25Z",
"number_observed": 1,
"object_refs": [
"url--56123689-0f68-4e9a-bbe8-2be0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56123689-0f68-4e9a-bbe8-2be0950d210b",
"value": "https://www.virustotal.com/file/426f279a503a19d5c253621ad98f589d853270fd0a1ec54bf08ee55c1f647964/analysis/1425002758/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56123689-c460-48c7-8da8-2be0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-05T08:36:25.000Z",
"modified": "2015-10-05T08:36:25.000Z",
"description": "- Xchecked via VT: 55573153750d98938270d858ca220a4435ebcd1dac44388e5a59315e7811193c",
"pattern": "[file:hashes.SHA1 = 'e27410af6319e6026641c5c146e817de7458cf28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-05T08:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368a-2408-4474-969d-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:26.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:26.000Z",
|
|
|
|
"description": "- Xchecked via VT: 55573153750d98938270d858ca220a4435ebcd1dac44388e5a59315e7811193c",
|
|
|
|
"pattern": "[file:hashes.MD5 = '55d7d201e3c58550b86e414381e7e788']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612368a-e73c-4991-ae37-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:26.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:26.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:26Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:26Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612368a-e73c-4991-ae37-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612368a-e73c-4991-ae37-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/55573153750d98938270d858ca220a4435ebcd1dac44388e5a59315e7811193c/analysis/1424995693/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368a-4b7c-43a1-a442-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:26.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:26.000Z",
|
|
|
|
"description": "- Xchecked via VT: 0e75378d2ee5a7b90696dd67efa0d06d619f7f29021a7f056ff5a0fe881f8d6e",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '9fa7a84d96088bb0347975fa190a6e6a5c3a2055']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368b-b9bc-422f-876a-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:27.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:27.000Z",
|
|
|
|
"description": "- Xchecked via VT: 0e75378d2ee5a7b90696dd67efa0d06d619f7f29021a7f056ff5a0fe881f8d6e",
|
|
|
|
"pattern": "[file:hashes.MD5 = '413720af54dae727e4b265c260e0a8c6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612368b-4b00-4813-ac28-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:27.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:27.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:27Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612368b-4b00-4813-ac28-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612368b-4b00-4813-ac28-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/0e75378d2ee5a7b90696dd67efa0d06d619f7f29021a7f056ff5a0fe881f8d6e/analysis/1424958549/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368b-19b0-4af5-a08d-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:27.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:27.000Z",
|
|
|
|
"description": "- Xchecked via VT: 17c89f5a579ecc3f97914a0fdd8ed1305a3682e09a719f91716607c3d63eabdf",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '7c96545cc980b33525ad6a0dabb810536c4dc552']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368c-129c-4e5a-81fc-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:28.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:28.000Z",
|
|
|
|
"description": "- Xchecked via VT: 17c89f5a579ecc3f97914a0fdd8ed1305a3682e09a719f91716607c3d63eabdf",
|
|
|
|
"pattern": "[file:hashes.MD5 = '748373ddf4d81208f2cc172953b7ef4e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612368c-2f98-4669-8618-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:28.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:28.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:28Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:28Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612368c-2f98-4669-8618-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612368c-2f98-4669-8618-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/17c89f5a579ecc3f97914a0fdd8ed1305a3682e09a719f91716607c3d63eabdf/analysis/1424945814/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368d-4b68-44cf-973d-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:29.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:29.000Z",
|
|
|
|
"description": "- Xchecked via VT: af338b0d35e532644850f9f5e00b6c67d6e08609cb9ef79d48e9f435f87366d0",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '2496127d10cc2020b8cb5aba0915fe74ea3dc0e7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368d-e590-4d7a-af9c-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:29.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:29.000Z",
|
|
|
|
"description": "- Xchecked via VT: af338b0d35e532644850f9f5e00b6c67d6e08609cb9ef79d48e9f435f87366d0",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5e3acb7994bfad3f825f195a4d04b072']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612368d-8c70-4611-9056-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:29.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:29.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:29Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:29Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612368d-8c70-4611-9056-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612368d-8c70-4611-9056-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/af338b0d35e532644850f9f5e00b6c67d6e08609cb9ef79d48e9f435f87366d0/analysis/1424961291/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368e-68c4-4166-a96e-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:30.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:30.000Z",
|
|
|
|
"description": "- Xchecked via VT: ca59d78e9d23a737054b70385060346a8e6afc4948cd84f97826deb05168c279",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0198f95fa4bded65bd9ac1ff8c9cbb8f6f598016']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368e-66c8-4acb-bd1c-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:30.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:30.000Z",
|
|
|
|
"description": "- Xchecked via VT: ca59d78e9d23a737054b70385060346a8e6afc4948cd84f97826deb05168c279",
|
|
|
|
"pattern": "[file:hashes.MD5 = '88b9ccb21ffb3dc7f8d4ea5886f10059']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612368e-749c-476a-b666-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:30.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:30.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:30Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:30Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612368e-749c-476a-b666-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612368e-749c-476a-b666-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/ca59d78e9d23a737054b70385060346a8e6afc4948cd84f97826deb05168c279/analysis/1424966053/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368f-495c-499a-8787-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:31.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:31.000Z",
|
|
|
|
"description": "- Xchecked via VT: f2a478eb2674b65d602204b2df8fc5e715e22596b039f235f9dfa27c03bbaa9b",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'a00659dffc0e90c50ccfaf9029eb3f9f853d5e66']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612368f-3454-47de-8bdf-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:31.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:31.000Z",
|
|
|
|
"description": "- Xchecked via VT: f2a478eb2674b65d602204b2df8fc5e715e22596b039f235f9dfa27c03bbaa9b",
|
|
|
|
"pattern": "[file:hashes.MD5 = '122d40d730f3d129f5c2a35697ebf36b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123690-8e90-48fc-886f-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:32.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:32.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:32Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:32Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123690-8e90-48fc-886f-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123690-8e90-48fc-886f-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/f2a478eb2674b65d602204b2df8fc5e715e22596b039f235f9dfa27c03bbaa9b/analysis/1424972212/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123690-f520-484e-b0a2-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:32.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:32.000Z",
|
|
|
|
"description": "- Xchecked via VT: fa8594384e119908ec4ea5e0af9597251f6de76a66c30682e36ca1f1d303c7a9",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '424ad8877554bee0e41084445c9d3f3df3516df1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123690-3b70-4a9b-a674-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:32.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:32.000Z",
|
|
|
|
"description": "- Xchecked via VT: fa8594384e119908ec4ea5e0af9597251f6de76a66c30682e36ca1f1d303c7a9",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e1833036cdd53f3a97cf394c5f180413']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123691-7b10-4112-a54b-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:33.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:33.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:33Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:33Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123691-7b10-4112-a54b-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123691-7b10-4112-a54b-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/fa8594384e119908ec4ea5e0af9597251f6de76a66c30682e36ca1f1d303c7a9/analysis/1424978696/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123691-8708-4340-bd29-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:33.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:33.000Z",
|
|
|
|
"description": "- Xchecked via VT: 63b4ff014e74bd0a31b16393d145d1332e963b2e17f07396529793a4f0cf8b48",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'de8f02de09b63bab7c3651842b614306509c1a91']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123691-7ce8-4b16-8b16-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:33.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:33.000Z",
|
|
|
|
"description": "- Xchecked via VT: 63b4ff014e74bd0a31b16393d145d1332e963b2e17f07396529793a4f0cf8b48",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3cc351d5d02dcd30c078f6a7f33d7f3d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123692-eb1c-4cc3-9467-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:34.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:34.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:34Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123692-eb1c-4cc3-9467-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123692-eb1c-4cc3-9467-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/63b4ff014e74bd0a31b16393d145d1332e963b2e17f07396529793a4f0cf8b48/analysis/1423128856/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123692-c37c-4253-8c70-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:34.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:34.000Z",
|
|
|
|
"description": "- Xchecked via VT: 487a442fa69be5fe701662976a2f9d16f7f1dc4b03d63b9a289a6395855b42d0",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '1b6d464b323f394c36e7f62b4c7f20df0d9bb1f2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123693-6df4-45b7-9142-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:35.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:35.000Z",
|
|
|
|
"description": "- Xchecked via VT: 487a442fa69be5fe701662976a2f9d16f7f1dc4b03d63b9a289a6395855b42d0",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'd91323b3170b07dc89a31dd48daac35e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123693-9c38-49e3-aea5-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:35.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:35.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:35Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123693-9c38-49e3-aea5-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123693-9c38-49e3-aea5-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/487a442fa69be5fe701662976a2f9d16f7f1dc4b03d63b9a289a6395855b42d0/analysis/1422276299/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123693-d30c-45b9-a988-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:35.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:35.000Z",
|
|
|
|
"description": "- Xchecked via VT: 95c2b1fd5a9e0141e6c597771e832e6c6743713888bfad3d172c0180d650795b",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '56d4700f71f470859ae6f02fd2732292764df894']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123694-a020-4f98-b3a0-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:36.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:36.000Z",
|
|
|
|
"description": "- Xchecked via VT: 95c2b1fd5a9e0141e6c597771e832e6c6743713888bfad3d172c0180d650795b",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e323e036d0f5a56a9630933e07e4dc2e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123694-78e8-4b99-a13e-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:36.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:36.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:36Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123694-78e8-4b99-a13e-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123694-78e8-4b99-a13e-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/95c2b1fd5a9e0141e6c597771e832e6c6743713888bfad3d172c0180d650795b/analysis/1422275285/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123694-1c68-4798-81bd-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:36.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:36.000Z",
|
|
|
|
"description": "- Xchecked via VT: 0a106551b950d312c3847889cb233cbdaaebbc55fc2d7b6deb37f493079aa419",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '2ced747c965c2c88d41fd795bb98fab2d519103a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123695-ed88-4a5d-82b0-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:37.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:37.000Z",
|
|
|
|
"description": "- Xchecked via VT: 0a106551b950d312c3847889cb233cbdaaebbc55fc2d7b6deb37f493079aa419",
|
|
|
|
"pattern": "[file:hashes.MD5 = '70949f4f1f016a0522622496f3c093bc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123695-94f8-4c94-acf0-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:37.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:37.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:37Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123695-94f8-4c94-acf0-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123695-94f8-4c94-acf0-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/0a106551b950d312c3847889cb233cbdaaebbc55fc2d7b6deb37f493079aa419/analysis/1416273310/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123696-61dc-4634-8331-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:38.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:38.000Z",
|
|
|
|
"description": "- Xchecked via VT: 382b88b654d7c5149ce8e9813accb86fd58eb1c01d66f730774f27a14d6af06c",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'f3514f9985112753e615686855f13769b8c51d7d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123696-1be8-41c4-89f1-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:38.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:38.000Z",
|
|
|
|
"description": "- Xchecked via VT: 382b88b654d7c5149ce8e9813accb86fd58eb1c01d66f730774f27a14d6af06c",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c16d8fd20f50a5a023fe55ac02cf9e9d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123696-0128-41ca-996b-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:38.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:38.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:38Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:38Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123696-0128-41ca-996b-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123696-0128-41ca-996b-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/382b88b654d7c5149ce8e9813accb86fd58eb1c01d66f730774f27a14d6af06c/analysis/1416274651/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123697-4a84-4e94-828b-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:39.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:39.000Z",
|
|
|
|
"description": "- Xchecked via VT: 8873908061f9c8d563de26fe6fa671080a90a2d60f795cc0664ef686e1162955",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '2369371296cf99c46361eb8fcc37dad975cc087c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123697-2b78-43e3-b7d8-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:39.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:39.000Z",
|
|
|
|
"description": "- Xchecked via VT: 8873908061f9c8d563de26fe6fa671080a90a2d60f795cc0664ef686e1162955",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0b98ee74843809493b0661c679a3c90c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123697-5884-4690-8d48-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:39.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:39.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:39Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:39Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123697-5884-4690-8d48-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123697-5884-4690-8d48-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/8873908061f9c8d563de26fe6fa671080a90a2d60f795cc0664ef686e1162955/analysis/1444008311/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123698-3a0c-4a93-bae2-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:40.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:40.000Z",
|
|
|
|
"description": "- Xchecked via VT: e7f071929a4304447cf638057d9499df9970b2a3d53d328a609f191a4bc29ffd",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ee94a8373cecfef7579224e2f87f386aa7615cb1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123698-28f8-4982-a230-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:40.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:40.000Z",
|
|
|
|
"description": "- Xchecked via VT: e7f071929a4304447cf638057d9499df9970b2a3d53d328a609f191a4bc29ffd",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4460f3d29a4bce8aa8e8ffde4a467b70']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56123699-3388-43a1-8aec-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:41.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:41.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:41Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:41Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56123699-3388-43a1-8aec-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56123699-3388-43a1-8aec-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/e7f071929a4304447cf638057d9499df9970b2a3d53d328a609f191a4bc29ffd/analysis/1444008220/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123699-e1dc-4ac9-b70e-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:41.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:41.000Z",
|
|
|
|
"description": "- Xchecked via VT: 98e9e65d6e674620eccaf3d024af1e7b736cc889e94a698685623d146d4fb15f",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'd0b0a3131b3fb6a62a9ac4ebdeb28511d731f9b3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56123699-0794-4ef2-82b7-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:41.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:41.000Z",
|
|
|
|
"description": "- Xchecked via VT: 98e9e65d6e674620eccaf3d024af1e7b736cc889e94a698685623d146d4fb15f",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fbf92317ca8a7d5c243ab62624701050']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612369a-9cb8-4a93-a99e-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:42.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:42.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:42Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612369a-9cb8-4a93-a99e-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612369a-9cb8-4a93-a99e-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/98e9e65d6e674620eccaf3d024af1e7b736cc889e94a698685623d146d4fb15f/analysis/1444008274/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369a-0b90-448a-ad34-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:42.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:42.000Z",
|
|
|
|
"description": "- Xchecked via VT: 41176825ba0627f61981280b27689a0c5cc6bfb310a408fa623515e6239b8647",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '274485e7c56a02cfe831eaf9d45d70ad27982fa6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369a-5400-41b5-b78c-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:42.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:42.000Z",
|
|
|
|
"description": "- Xchecked via VT: 41176825ba0627f61981280b27689a0c5cc6bfb310a408fa623515e6239b8647",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e6b45faf823387bca7524c4d0329543f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612369b-2b30-4d4d-9b65-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:43.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:43.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:43Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612369b-2b30-4d4d-9b65-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612369b-2b30-4d4d-9b65-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/41176825ba0627f61981280b27689a0c5cc6bfb310a408fa623515e6239b8647/analysis/1444008204/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369b-5f44-44c8-b8d9-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:43.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:43.000Z",
|
|
|
|
"description": "- Xchecked via VT: 526e1dc893629c00c017fbe62b53392cb26bc6b15947e7b8b7df10a62f40cbad",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '009d0e2b778cd58752a2e2aa511cc36546b559b4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369c-c5d8-4ec2-b483-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:44.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:44.000Z",
|
|
|
|
"description": "- Xchecked via VT: 526e1dc893629c00c017fbe62b53392cb26bc6b15947e7b8b7df10a62f40cbad",
|
|
|
|
"pattern": "[file:hashes.MD5 = '29e147675af38ece406b6227f3ccd76b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612369c-3b50-46d3-9fe1-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:44.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:44.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:44Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612369c-3b50-46d3-9fe1-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612369c-3b50-46d3-9fe1-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/526e1dc893629c00c017fbe62b53392cb26bc6b15947e7b8b7df10a62f40cbad/analysis/1444008363/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369c-6b54-4725-9fe2-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:44.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:44.000Z",
|
|
|
|
"description": "- Xchecked via VT: 8fa135fc74583e05be208752e8ce191060b1617447815a007efac78662b425d0",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '5ede35772d73b9e1ce49c092545ee2d89b720619']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369d-f69c-4fd5-8096-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:45.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:45.000Z",
|
|
|
|
"description": "- Xchecked via VT: 8fa135fc74583e05be208752e8ce191060b1617447815a007efac78662b425d0",
|
|
|
|
"pattern": "[file:hashes.MD5 = '304a10d364454ee8f2e26979927c0334']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612369d-b09c-412d-8b26-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:45.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:45.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:45Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612369d-b09c-412d-8b26-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612369d-b09c-412d-8b26-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/8fa135fc74583e05be208752e8ce191060b1617447815a007efac78662b425d0/analysis/1444008338/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369e-2d64-4ba6-b81c-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:45.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:45.000Z",
|
|
|
|
"description": "- Xchecked via VT: ddd16577b458a5ec21ea0f57084033435a46f61dc5482f224c1fe54f47d295bc",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0a8acea794196a9db843f787a33461792f136042']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369e-8d34-4034-a2c9-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:46.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:46.000Z",
|
|
|
|
"description": "- Xchecked via VT: ddd16577b458a5ec21ea0f57084033435a46f61dc5482f224c1fe54f47d295bc",
|
|
|
|
"pattern": "[file:hashes.MD5 = '97210a234417954c7bbe87bfe685eaae']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612369e-fc24-4214-b219-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:46.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:46.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:46Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:46Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612369e-fc24-4214-b219-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612369e-fc24-4214-b219-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/ddd16577b458a5ec21ea0f57084033435a46f61dc5482f224c1fe54f47d295bc/analysis/1439926128/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369f-d0ac-4c12-a7b6-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:47.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:47.000Z",
|
|
|
|
"description": "- Xchecked via VT: 7714dbb85c5ebcd85cd1d93299479cff2cc82ad0ed11803c24c44106530d2e2f",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'a33dfcac2f323813b014b8a72e1446e2bfd15f3c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5612369f-f5d8-49c4-94a9-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:47.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:47.000Z",
|
|
|
|
"description": "- Xchecked via VT: 7714dbb85c5ebcd85cd1d93299479cff2cc82ad0ed11803c24c44106530d2e2f",
|
|
|
|
"pattern": "[file:hashes.MD5 = '35ee9556457d6170ea83c800887c1cbe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5612369f-3e68-4624-9809-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:47.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:47.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:47Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:47Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5612369f-3e68-4624-9809-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5612369f-3e68-4624-9809-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/7714dbb85c5ebcd85cd1d93299479cff2cc82ad0ed11803c24c44106530d2e2f/analysis/1444031801/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561236a0-8778-4332-a006-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:48.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:48.000Z",
|
|
|
|
"description": "- Xchecked via VT: 5259854994945a165996d994e6484c1afc1c7e628cb5df2dc3750f4f9f92202e",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ed8ef5ec3b6ce414d3436632c6d1d70683665ae4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561236a0-632c-4e29-9a6c-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:48.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:48.000Z",
|
|
|
|
"description": "- Xchecked via VT: 5259854994945a165996d994e6484c1afc1c7e628cb5df2dc3750f4f9f92202e",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6e907716dc1aa6b9c490ce58aaae0d53']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561236a1-7de8-41ea-9a70-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:49.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:49.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:49Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561236a1-7de8-41ea-9a70-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561236a1-7de8-41ea-9a70-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/5259854994945a165996d994e6484c1afc1c7e628cb5df2dc3750f4f9f92202e/analysis/1444008255/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561236a1-9d44-4c79-948d-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:49.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:49.000Z",
|
|
|
|
"description": "- Xchecked via VT: fc55c5ced1027b48885780c87980a286181d3639dfc97d03ebe04ec012a1b677",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'bc435c82cf4dbc7f91c89aa5770244d4a871998a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561236a1-dec8-4272-bc8e-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:49.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:49.000Z",
|
|
|
|
"description": "- Xchecked via VT: fc55c5ced1027b48885780c87980a286181d3639dfc97d03ebe04ec012a1b677",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3a41bb59e2946a66bbd03a8b4d51510b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561236a2-d428-45b8-9e1a-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:50.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:50.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:50Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561236a2-d428-45b8-9e1a-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561236a2-d428-45b8-9e1a-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/fc55c5ced1027b48885780c87980a286181d3639dfc97d03ebe04ec012a1b677/analysis/1444008140/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561236a2-a3dc-4b60-a37c-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:50.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:50.000Z",
|
|
|
|
"description": "- Xchecked via VT: 4938b9861b7c55fbbe47d2ba04e9aff2da186e282f1e9ff0a15bbb22a5f6e0e7",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '31657fecf8d0d6c16b3eb491d161632f97259a3f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561236a2-2d88-4e2c-af41-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:50.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:50.000Z",
|
|
|
|
"description": "- Xchecked via VT: 4938b9861b7c55fbbe47d2ba04e9aff2da186e282f1e9ff0a15bbb22a5f6e0e7",
|
|
|
|
"pattern": "[file:hashes.MD5 = '62c6f0e3615b0771c0d189d3a7c50477']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561236a3-8ff8-4191-993f-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:51.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:51.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:51Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561236a3-8ff8-4191-993f-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561236a3-8ff8-4191-993f-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/4938b9861b7c55fbbe47d2ba04e9aff2da186e282f1e9ff0a15bbb22a5f6e0e7/analysis/1444008240/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561236a3-903c-49fd-822a-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:51.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:51.000Z",
|
|
|
|
"description": "- Xchecked via VT: 57cc101ee4a9f306236d1d4fb5ccb3bb96fa76210142a5ec483a49321d2bd603",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '7c3bec0bd93778c7011baa6f1856388d21c3c9c3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--561236a4-71b4-40a2-af67-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:52.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:52.000Z",
|
|
|
|
"description": "- Xchecked via VT: 57cc101ee4a9f306236d1d4fb5ccb3bb96fa76210142a5ec483a49321d2bd603",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8e93947dfd1b11a77a04429bd8b32ced']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-10-05T08:36:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--561236a4-404c-43eb-b507-2be0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-10-05T08:36:52.000Z",
|
|
|
|
"modified": "2015-10-05T08:36:52.000Z",
|
|
|
|
"first_observed": "2015-10-05T08:36:52Z",
|
|
|
|
"last_observed": "2015-10-05T08:36:52Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--561236a4-404c-43eb-b507-2be0950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--561236a4-404c-43eb-b507-2be0950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/57cc101ee4a9f306236d1d4fb5ccb3bb96fa76210142a5ec483a49321d2bd603/analysis/1444008051/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|